LDAP is a client-server protocol for accessing a directory service. The inspiration behind LDAP was to create a "lightweight" protocol to access X.500 directories, whose naming model is explicitly stated and hierarchical, so that clients could run without high demands on computing resources and without undue complexity.
The first spec for LDAP is described in RFC 1487.
LDAPv2 is explained in RFC 1777 & 1778.
LDAPv3 is a proposed draft standard (RFC 2251-2256).
The LDAP standard defines:
1. a network protocol for accessing information in the directory. It defines the operations one may perform e.g. search, add, delete, modify and change name. It also defines how operations and data are conveyed.
2. an information model defining the form and character of the information.
3. a namespace defining how information is referenced and organized.
4. an emerging distributed operation model defining how data may be distributed and referenced (v3).
Directory services are repositories for information about network-based entities, such as applications, files, printers, and people. Directory services are important because they provide a consistent way to name, describe, locate, access, manage, and secure information about these resources. Many vendors build specialized repositories or directory services into their applications to enable the specific functionality their customers require. As such, enterprise-class directories take an important step towards the consolidation of corporate directories by offering standards-based interfaces allowing for interoperability and centralized directory management.
Any directory service depends on a "namespace", which provides for efficient referencing and retrieval of collections of related information. The namespace for LDAP is hierarchical, so it has the concept of fully qualified names called Distinguished Names (DN).
Accessing an LDAP directory is accomplished by using a combination of DN, filter, and scope. A base DN indicates where in the hierarchy to begin the search. A filter specifies attribute types, assertion values, and matching criteria. A scope indicates what to search: the base DN itself, one level below the base DN, or the entire sub-tree rooted at the base DN.
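The following Python sketch is an added example, not part of the original text: it models base DN, filter, and scope over a small in-memory directory to show which entries each of the three scopes selects. The directory contents, the function names, and the simplified single-assertion filter syntax are assumptions made for illustration.

```python
# Constructed sample directory: DN -> attributes. All names are made up.
DIRECTORY = {
    "dc=example,dc=com": {"objectClass": ["domain"]},
    "ou=people,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "uid=alice,ou=people,dc=example,dc=com": {"objectClass": ["person"], "uid": ["alice"]},
    "uid=bob,ou=people,dc=example,dc=com": {"objectClass": ["person"], "uid": ["bob"]},
    "ou=printers,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "cn=lp1,ou=printers,dc=example,dc=com": {"objectClass": ["device"], "cn": ["lp1"]},
}

def parse_dn(dn):
    """Split a DN into lower-cased RDNs (simplified: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn falls inside the given scope relative to base_dn."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)          # levels below the base DN
    if depth < 0 or entry[depth:] != base:  # entry is not at or under the base
        return False
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    if scope == "sub":
        return True
    raise ValueError(f"unknown scope: {scope!r}")

def matches(attrs, flt):
    """Evaluate one (attr=value) assertion; the value '*' is a presence test."""
    attr, _, value = flt.strip().strip("()").partition("=")
    values = [v.lower() for k, vs in attrs.items()
              if k.lower() == attr.lower() for v in vs]
    return bool(values) if value == "*" else value.lower() in values

def search(base_dn, scope, flt):
    """Return the sorted DNs selected by base DN, scope and filter."""
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if in_scope(dn, base_dn, scope) and matches(attrs, flt))

if __name__ == "__main__":
    for scope in ("base", "one", "sub"):
        print(scope, search("dc=example,dc=com", scope, "(objectClass=*)"))
```

Because the base DN and scope bound the set of entries a filter is evaluated against, an application that uses the narrowest base and scope it needs limits how much of the directory any single query can return.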
LDAP does not specify how the directory service itself operates.
The LDAP directory service is based on the client-server model. LDAP is a message-oriented protocol. One or more LDAP servers contain the data making up the LDAP directory tree. An LDAP client connects to an LDAP server and asks it a question. The server responds with the answer, or with a pointer to where the client can get more information (typically another LDAP server). No matter which LDAP server a client connects to, it sees the same view of the directory. This is an important feature called global directory service.